The All-in-One Video Gallery plugin for WordPress has a security issue that allows attackers to insert harmful scripts into pages through the plugin’s Video feature. This can happen when an authorized user, with contributor-level access or higher, adds certain information to the page. This vulnerability exists in all versions of the plugin up to version 3.7.1.